Privacy NOTICE

- For Users of the OneSystem Portal Platform -

 Introduction

YOUR PRIVACY IS VERY IMPORTANT TO US.
This Seegene Privacy Notice (the “Privacy Notice”) describes how Seegene, Inc. (“Seegene”, “we”, “our” or “us”) collects, uses, shares, and otherwise processes Personal Information (as defined below) in relation to your access and use of the features and services of the Platform (as defined below).

Applicable Laws

PLEASE READ THIS PRIVACY NOTICE CAREFULLY.
This Privacy Notice will explain who we are, how we process the Personal Information (as defined below) we collect from you when you use our OneSystem Portal Platform (the “Platform”), and your rights in relation to it, including how to contact us or supervisory authorities if you have any request or complaint (if any).

In this Privacy Notice, “Personal Information” means information that can be used, directly or indirectly, to identify you as an individual, either alone or in combination with other information we hold.

If you share any personal information of other individuals (e.g., colleagues, family members, employees, etc.), you must inform them about the terms and conditions of this Privacy Notice. In addition, you must ensure that you are legally authorized and entitled to provide us with such individuals’ Personal Information and that the information you provide is accurate and up-to-date.

EEA (GDPR)

  • When we offer goods and/or services to individuals in the European Economic Area (“EEA”), we are subject to the EU General Data Protection Regulation (“GDPR”), which applies across the entire European Union. Unless otherwise stated in this Privacy Notice, we are responsible as a “controller” of your Personal Information for the purposes of the GDPR.

Republic of Korea (PIPA)

  • For users located in Korea, Seegene complies with the Personal Information Protection Act (PIPA), and the relevant obligations are fulfilled under Seegene’s internal data handling policies.

California (CCPA/CPRA)

  • For users located in California, Seegene complies with the California Consumer Privacy Act of 2018 (CCPA), as amended by the California Privacy Rights Act of 2020 (CPRA). See the relevant section below for more information.

Israel (PPL)

  • For users residing in Israel, Seegene complies with the Protection of Privacy Law (PPL), enacted in 1981.

  

How We Collect Personal Information

We collect most of Personal Information directly from you. However, we may also collect information from the following categories of sources:

Directly from you

When you interact with the Platform, including when you:

  • Register for an account
  • Submit inquiries or customer support requests
  • Update your profile or settings

Automatically from your device

We automatically collect certain information when you use our Platform, such as:

  • IP address, device type, browser version, screen resolution
  • Usage logs, Traces, Usage metrics, Registration date
  • Cookie data (see our [[Cookie Policy]] for more details) These are collected through our systems or service providers (e.g., Microsoft Azure)

  

Personal Information We Collect

Through this Platform, we will be primarily engaged by corporate entities you are affiliated or have contractual relationships with. However, as part of the business transaction between Seegene and such corporate entities, Personal Information of such corporate entities’ directors, officers, employees, and other personnel may be provided to us.

As you use the Platform, we may collect your Personal Information. This may happen when you contact us or request any information from us, engage with our Platform service, or interact with one or more users of the Platform or our staff via Platform services.

Mandatory information
Organization/Department name, Position, Name, Email address, Company name

Automatically collected information
Name, Email address, IP address, Online identifiers, Logs, Traces, Usage metrics, Registration date Persistent cookies that may remain on your device to track browsing behavior (e.g., sites visited, time spent)

Optional information
Job Title, Profile image

Anonymous visitors
You may access the Platform without providing Personal Information. However, some functions of the Platform may be limited if required information is not provided.

Category of Personal Information we collect(CCPA)

  • Identifiers
    • Name, Email address, IP address: ✅ Collected
    • Profile image: 🔸 Maybe (if provided during registration)
  • Professional or Employment-related Information
    • Organization/Department Name, Position, Company name, Job Title: ✅ Collected
    • Job Title: 🔸 Maybe (if provided during registration)
  • Internet or Other Similar Network Activity
    • Logs, Traces, Usage metrics, Registration date, Persistent cookies: ✅ Collected
  • Sensitive Personal Information: ❌ Not Collected 
  • Commercial Information: ❌ Not Collected 
  • Biometric Information: ❌ Not Collected 
  • Geolocation Data: ❌ Not Collected 
  • Sensory Data: ❌ Not Collected

  

Why We Use Personal Information

We process Personal Information under applicable data protection laws (including PIPA, GDPR, and PPA) only where we have a valid legal basis, such as:

Service provision and optimization
To deliver and improve our Platform services (e.g., Platform, LabIDE), enhance user convenience, meet security requirements, verify your identity and determine your eligibility to use the Platform

Fraud detection and prevention
For our legitimate interests or those of a third party, in order to minimize risks and protect both you and Seegene

Compliance with legal and regulatory obligations
To meet requirements under applicable laws and regulations

With your consent
For purposes you explicitly agree to; you may withdraw consent at any time by updating your preferences or contacting us

  

Retention of Personal Information

Personal Information is kept while your account is active or while Platform services are being provided, until you request us to delete your Personal Information.

If a user's registration request is rejected, the submitted Personal Information will be deleted immediately. To register in the future, you must submit a new request.

We may retain certain information beyond each of the above described periods if required to comply with legal or contractual obligations (e.g., responding to questions, complaints, or claims).

When retention is no longer required, information will be deleted or anonymized in accordance with applicable laws.

Dormant account policy

  • 1 year of inactivity → account converted to dormant (with at least 10 days’ prior notice)
    • 1 additional year of inactivity → account deactivated (with at least 10 days’ prior notice)
    • Deactivated account information is retained for up to 5 years:
      • Name, Organization/Department name, Registration date, and Job title are kept during this period
      • After 5 years, Name, Organization/Department name, Position, Registration date, and Job title will be deleted.

  

Sharing of Personal Information

We may share Personal Information with trusted third parties only as necessary for the operation of the Platform:

  • Microsoft Corporation – provision of cloud computing services (Microsoft Azure, Seoul region)
    • Retained only during service use, destroyed once the purpose is achieved
  • Some service providers may be located outside the EEA. In such cases, we apply appropriate safeguards (such as Standard Contractual Clauses or equivalent measures) to protect your Personal Information.

  

Your Rights under the EU GDPR (EEA GDPR)

If you are located in the EEA, you have the following rights under the GDPR:

  • Right to be informed (Art. 13 & 14) – know how your data is collected and processed
  • Right of access (Art.15) – request a copy of your Personal Information
  • Right to rectification (Art. 16) – correct inaccurate or incomplete information
  • Right to erasure (“right to be forgotten”) (Art. 17) – request deletion in certain situations
  • Right to restrict processing (Art. 18) – limit how your data is used in specific circumstances
  • Right to data portability (Art. 20) – receive your data in a structured, machine‑readable format and transfer it to another controller
  • Right to object (Art. 21) – object to processing for direct marketing or in other cases where legitimate interests are the basis
  • Right not to be subject to automated decision‑making (Art. 22) – avoid decisions made solely by automated processes with significant effects

You may exercise these rights by contacting us at dataprotection@seegene.com.
To verify your request, we may require proof of identity and sufficient information to confirm your relationship with us.

If you are not satisfied with our response, you also have the right to lodge a complaint with your local supervisory authority in the EEA.(Art. 77). In addition, you can revoke any potentially given consent to the processing of Personal Information at any time with effect for the future.

  

Your Rights under the California CCPA/CPRA

If you are a California resident, you have the following rights under the CCPA/CPRA:

  • Right to know what personal information we collect, use, and share
  • Right to delete your personal information (subject to exceptions)
  • Right to correct inaccurate information
  • Right to opt out of sale/sharing of personal information
  • Right to limit use of sensitive personal information
  • Right not to be discriminated against for exercising your rights

We do not sell or disclose (except as expressly prescribed in this Privacy Notice Personal Information to third parties, nor do we collect sensitive Personal Information and biometric information.

If you would like to exercise any of your rights under CCPA and CPRA, you can do so here: [Writing to us] You may also email us at dataprotection@seegene.com.

Please note that you may only make a CCPA/CPRA-related data access or data portability disclosure request twice within a 12-month period. If you choose to contact us directly by email, you will need to provide us with: • Sufficient information that allows us to reasonably verify you are the person about whom we collected Personal Information or an authorized representative; and • A description of what right you want to exercise and the information to which your request relates.

We are not obligated to make a data access or data portability disclosure if we cannot verify that the person making the request is the person about whom we collected information, or is someone authorized to act on such person's behalf. Any Personal Information we collect from you to verify your identity in connection with your request will be used solely for the purposes of verification.

   

Keeping Your Personal Information Secure

We implement technical, organizational, and administrative safeguards to protect Personal Information, including:

  • Restricting access to those with a genuine business need
  • Ensuring processors are bound by confidentiality obligations
  • Monitoring and responding to potential security incidents

Where required by law, you and the relevant regulator will be notified of any suspected data breach.

  

Children

  • The Platform is not intended for individuals under 16 years of age.
  • We do not knowingly collect, store, share, or use personal information from children under 16.
  • If you are under 16, please do not provide any personal information.
  • If such information is mistakenly provided, parents or guardians should notify us and we will promptly delete it.

  

Cookies and Similar Technologies

We and our service providers use cookies and similar technologies to collect information about your use of the Platform.

Cookies
Small text files placed on your device to support navigation, enable faster log‑in, and track usage.
You can block or manage cookies through your browser settings, but some features may not work properly if cookies are disabled.

Clear GIFs / Pixels / Tags
Tiny graphics embedded in web pages or emails, used to track user activity, manage content, and compile usage statistics (e.g., email opens, forwards, or link clicks).

Log files
Automatically collected technical details such as IP address, device type, screen resolution, operating system, and browser version.

Do‑not‑track signals
Our Platform does not respond to do‑not‑track signals. However, you can limit certain tracking through your browser settings or our Cookie Policy.

Cookie settings
You may manage preferences and opt out of most non‑essential third‑party cookies at any time through the Cookie Settings page or our [Cookie Policy].

  

Updates to this Notice

Last updated: Oct 1, 2025
We may update this Privacy Notice and will inform you through the Platform when changes are made.

  

Contact Us

Seegene, Inc.
25F, 209, Jamsil-ro, Songpa-gu, Seoul, 05552, Republic of Korea
📧 dataprotection@seegene.com